Guidance

FCDO as a data controller: privacy notice

Updated 11 July 2023

© Crown copyright 2023

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/fcdo-as-a-data-controller-privacy-notice/fcdo-as-a-data-controller-privacy-notice

What a privacy notice is

The General Data Protection Regulation requires that data controllers provide information to people whose personal information they process. Processing information means how we use it, store it, and share it, how long we keep it and how we destroy it.

This notice explains how and why the Foreign, Commonwealth and Development Office (FCDO) uses personal information. It applies to the data held for current and former FCDO staff and contractors as well as members of the public who have used services provided by the FCDO.

It is important that you read this notice, together with any other privacy notice that is provided on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

Who we are

The FCDO pursues our national interests and projects the UK as a force for good in the world. We promote the interests of British citizens and provide consular services overseas, safeguard the UK’s security, defend our values and tackle global challenges with our international partners. To do this effectively we must collect, store, share and use personal information.

We will ensure that we treat all personal information in accordance with data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018 (DPA 2018). Data protection law states that the personal information that we hold about you must be:

  • processed lawfully, fairly and in a transparent manner
  • collected for specific purposes which we have clearly explained to you, and will not be used in any other way which is incompatible with those purposes
  • relevant to the purposes we have explained to you and limited to those purposes only
  • accurate and kept up to date
  • held only for as long as is necessary for the purposes that we have explained to you
  • kept securely

What information we collect about you and how

Personal data is information that relates to an identified or identifiable individual. We may collect personal data from you, including your:

  • full name and title
  • date of birth, marriage and divorce
  • contact details such as addresses, telephone number and email addresses
  • next of kin and emergency contacts
  • gender
  • marital status and details of dependants
  • National Insurance number
  • financial details such as bank account details, payroll records and tax status information
  • nationality and passport details and immigration status
  • recruitment information (including copies of right to work documentation, references and other information included in a CV or cover letter or as part of the application process)

In addition, we may also collect, store and use certain special category data about you as listed below. You can find more information on how we protect special category and criminal convictions data in our Appropriate Policy Document.

  • information about race or ethnicity
  • religious beliefs
  • sexual orientation
  • political opinions
  • trade union membership
  • health information
  • genetic and biometric information
  • criminal conviction data

We typically collect information directly from individuals when they are recruited to posts, apply to use FCDO services or undergo formal recruitment. However, we will sometimes collect additional information from third parties, including:

  • other ministerial departments
  • information provided to us by our arm’s-length bodies
  • information provided to us by governments in other countries

How we use your information

The information that is collected enables us to perform our duties as an employer, comply with our legal obligations and carry out our functions as a government department in the UK and overseas.

The purposes for which we will process personal information relating to FCDO employees include:

  • making decisions about your recruitment or appointment
  • checking you are legally entitled to work in the UK and to provide you with the security clearance appropriate for your role
  • managing pay, including tax and National Insurance contributions
  • pension payment and liaising with your pension provider
  • education, training and development requirements
  • ascertaining your fitness to work, managing sickness absence
  • complying with health and safety obligations
  • to prevent fraud
  • to monitor your business and personal use of our information and communication systems to ensure compliance with our IT policies
  • to ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
  • dealing with Freedom of Information Act/Environmental Information Regulations requests
  • safeguarding
  • procurement
  • residential accommodation overseas

The purposes for which we will process personal information relating to members of the public include:

  • visiting FCDO buildings
  • taking part in FCDO-sponsored online events and forums
  • accessing consular services, including emergency travel documents and registering births or deaths abroad
  • legalising documents
  • submitting media enquiries or other information requests to the FCDO
  • applying for international development funding
  • nominating candidates for an honour on the Overseas and International Honours List
  • applying for postgraduate scholarships to study in the UK
  • requesting a review of your designation or UN listing under sections 23 or 25 of the Sanctions and Anti-Money Laundering Act 2018
  • submitting project proposals for the Counter Proliferation Programme

We have a number of privacy notices which explain in more detail how we use your information in specific circumstances.

These privacy notices are available on our Personal Information Charter page.

The FCDO has 8 arm’s-length bodies and non-departmental public bodies, which are listed below. Each one is registered as a data controller in its own right and has published its own privacy notice:

Who we share your information with and why

Who we share your information with is dependent upon the FCDO service you are accessing. There may be other circumstances in which we may lawfully share your data with third parties. In some cases, we may be required to do so by law, by court order, or to prevent fraud or other crimes. For example, we share payroll information with HM Revenue & Customs and details of births, deaths, marriages with the General Register Office. Where we share data, however, we shall do so in accordance with applicable data protection laws.

Our lawful basis for processing

For the FCDO to legally process your personal information we need to have a lawful basis. Your data will be processed under one of the following lawful bases:

  • public task: where we are carrying out a specific task in the public interest or exercising official authority. This is the most commonly used lawful basis in the FCDO as we are a ministerial department
  • legitimate interests: where we use your data in a way that you would reasonably expect for our own interests, or those of a third party. This should have minimal privacy impact
  • contract: we have a contract with you, or you have asked us to take specific steps before entering into a contract with you
  • legal obligation: to comply with a court order or other legal requirement
  • consent: you have given us clear and informed consent to process your personal information for a specific purpose
  • vital interests: to protect someone’s life

Where we process special category data we do so:

  • in certain circumstances with the explicit consent of the data or individual appointed to act as their representative
  • where the processing of such data is necessary in order to carry out our employment law obligations and such processing is in line with our data protection policy
  • we also process such data where it is necessary in the substantial public interest to do so for the following purposes, in which case we will process such data in line with our data protection policy:
    • performing our official functions as a government department
    • equal opportunities monitoring
    • administering our pension scheme
    • preventing or detecting unlawful acts
  • where it is needed to assess your working capacity on health grounds, subject to appropriate confidentiality safeguards
  • where it is necessary in relation to legal claims
  • where it is necessary to protect your vital interests (or someone else’s interests) and you are not capable of giving your consent
  • where you have already made the information public

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated or new purpose, we will notify you and we will explain the legal basis which allows us to do so.

We will, if necessary, process your personal information without your knowledge or consent, in compliance with the above rules, where this is required and permitted by law.

Under the Public Records Act 1958, government departments retain records which are collected by the National Archives. Within the FCDO, certain documents are reviewed for permanent preservation in the National Archives after 15 years. These records may contain personal data. The lawful basis is for archiving purposes in the public interest. As the purpose of archiving is to maintain records for use over the long term, the privacy impact upon you is likely to be minimal. If you have concerns about any information about you that may have been archived, you can contact the Data Protection Officer.

How long we keep your personal information for

We will retain your personal data for only as long as it is necessary or for as long as we are legally required to do so and in line with our retention schedule. Your personal data will be destroyed securely in line with FCDO retention and disposal policy.

Your rights

There are 7 rights that you have when the FCDO is using your personal information. If you have any questions about these rights, you can contact the Data Protection Officer for more information.

  • right to be informed: you have the right to be informed about what we do with your personal data, which is the purpose of this Privacy Notice
  • right of access: you have the right to request a copy of any personal information we hold about you and what we do with it. This is known as a Subject Access Request. You can make a request by emailing information.rights@fcdo.gov.uk
  • right to rectification: you have the right to request that any inaccurate personal data we hold is corrected or have incomplete personal information completed
  • right to erasure: you have the right to request that your personal data is erased. This only applies in certain circumstances
  • right to restrict processing: you have the right to request that we limit the use of your personal data. This only applies in certain circumstances
  • right to data portability: you have the right to move, copy or transfer personal information from one IT system to another in a safe and secure way. This right only applies to certain information in certain circumstances
  • right to object: you have the right to object to the use of your information, which means that we would have to stop using your personal information. This right only applies to certain information in certain circumstances

If your personal data is processed on the basis of consent, you have the right to withdraw consent to the use of your personal data at any time.

When making a request to exercise any of these rights, please include your full name, up-to-date contact details and the date of your request. If you are making a Subject Access Request, you should include a comprehensive list of what personal data you want to access, including any relevant dates or search criteria to help us identify the data you want.

How to contact us

If you have any questions about this notice, consider that your personal data has been misused or mishandled, or would like to exercise any of your rights, you can contact the Data Protection Officer at the Foreign, Commonwealth and Development Office:

Data Protection Officer
Foreign, Commonwealth and Development Office
King Charles Street
London
SW1A 2AH

Email: Data.Protection@fcdo.gov.uk

Tel: 020 7008 5000

How to make a complaint

You can also make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Helpline number: 0303 123 1113

ICO website: www.ico.org.uk

Changes to this notice

We encourage you to reread this Privacy Notice occasionally. We aim to update it regularly, in order to keep you fully informed about how we use your personal information.

This Privacy Notice was last updated on 19 June 2023.

Back to top